Security Analysis of Systems Using Model-Integrated Computing

1
Security Analysis of Systems Using
Model-Integrated Computing

• Modeling and Analysis of Attack Trees in GME
• TRUST Project
• August 4, 2006
• Blake Sheridan
• Marty Henderson
• Jan Werner, graduate mentor

2
What is an Attack Tree?

• Conceptual diagrams of threats on systems and
  possible attacks to reach those threats

• Root, children, leaves
• And/Or nodes
• Concept invented by security expert Bruce
  Schneier

3
Benefits of Attack Trees
Give the user an intuitive visual representation
of an attack scenario.
Software can be designed to generate statistics
on a vulnerable attack path.
4
A bare bones modeling specification
Attack tree (model, can contain other objects)
Graphs can connect to nodes for collapsibility
purposes (more on that later).
Nodes can be connected to other nodes.
Node (atom, base element)
5
Enforcing tree structure with OCL Constraints

• Multiplicity
• self.attachingConnections("src")-gtsize lt 2
• Cyclical Constraint Function
• if (self.GetTopParent(self) ltgt self) then
• false
• else
• if (self.attachingConnections("src")-gtsizelt1)t
  hen
• false
• else
• true

6
The Attack Tree Toolbox

• A set of tools we designed for performing
  functions on attack tree models
• Built using the Builder Object Network (BON), a
  GME tool which instantiates C objects for every
  object contained within a model

7
Analysis Interpreter
8
(No Transcript)
9
Collapse Interpreter
To increase readability, a collapsing tool was
added to the toolbox

• Invocation with a Node highlighted
• Turn branch under node into an Attack Tree model

• Invocation with an Attack Tree model
  highlighted
• Expand the model into the original branch

10
Dispatch Interpreter Attack trees as data in an
XML format

• XML is a markup language for representing data

• Our Dispatch interpreter can import or export XML
  files
• Export creates an XML file in the format to the
  right
• Import parses an XML file and creates a GME
  model representing that attack tree

11
Dispatch Interpreter Attack trees represented
in Graphviz

• Graphviz is open source graph visualization
  software.

• Graphviz can be used to automatically generate an
  image of the modeled tree.
• Our Dispatch interpreter also handles Graphviz
  exportation.

12
Future Work

• Save and load profiles of potential intruders to
  the system, such as the average script kiddie, a
  professional cracker, or a common burglar
• Model and diagnose a real life system, most
  likely a local computer network

• Improve diagnosis of a modeled systems
  weaknesses

13
References

• Schneier, Bruce. Attack Trees. Dec. 1999.  27
  June 2006. lthttp//www.schneier.com/paper-attackt
  rees-ddj-ft.htmlgt.

14
Security Analysis of Systems Using
Model-Integrated Computing

• Modeling and Analysis of Attack Trees in GME
• TRUST Project
• August 4, 2006
• Blake Sheridan
• Marty Henderson
• Jan Werner, graduate mentor